
CAP Domain Change FAQ

Q:

Why are changes being made to the CAP exam?

 
A:

(ISC)² has an obligation to its membership to maintain the relevancy of its credentials. These enhancements are the result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams. This process ensures that the examinations and subsequent continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today's practicing information security practitioner.

Q:

How is the CAP exam changing?

 
A:

The content of the CAP has been refreshed to reflect the most pertinent issues that authorization security professionals currently face, along with the best practices for mitigating those issues. Some topics have been updated while others have been realigned. The result is an exam that most accurately reflects the technical and practical security risk management knowledge required by practitioners in pursuit of information system authorization to support an organization's mission and operations in accordance with legal and regulatory requirements.

As a result of the content refresh, we have updated the domain names to describe the topics accurately.

| Previous CAP Domain Name | New CAP Domain Name |
|---|---|
| Domain 1: Risk Management Framework | Domain 1: Information Security Risk Management Program |
| Domain 2: Categorization of Information Systems | Domain 2: Categorization of Information Systems (IS) |
| Domain 3: Selection of Security Controls | Domain 3: Selection of Security Controls |
| Domain 4: Security Control Implementation | Domain 4: Implementation of Security Controls |
| Domain 5: Security Control Assessment | Domain 5: Assessment of Security Controls |
| Domain 6: Information System Authorization | Domain 6: Authorization of Information Systems (IS) |
| Domain 7: Monitoring of Security Controls | Domain 7: Continuous Monitoring |

 

The domain weights are as follows:

| Major Domains | Weightings (Percentage) |
|---|---|
| Domain 1: Information Security Risk Management Program | 15% |
| Domain 2: Categorization of Information Systems (IS) | 13% |
| Domain 3: Selection of Security Controls | 13% |
| Domain 4: Implementation of Security Controls | 15% |
| Domain 5: Assessment of Security Controls | 14% |
| Domain 6: Authorization of Information Systems (IS) | 14% |
| Domain 7: Continuous Monitoring | 16% |
| Total | 100% |

 

Q:

Why do domains for (ISC)² credential exams change?

 
A:

Domains change to reflect a change in the knowledge, skills and abilities, as indicated by experts through the Job Task Analysis process.

Q:

When will these changes go into effect?

 
A:

The changes will begin on October 15, 2018.

Q:

In what language will the refreshed CAP exam be available?

 
A:

The refreshed CAP exam will be available in English only.

Q:

Will this change the number of questions or the time required to take the CAP exam?

 
A:

No. The CAP exam will have the same number of items, and the time required to take the exam will be the same.

Q:

If I have been studying for the CAP exam with material that focuses on the current domains, will I be sufficiently prepared to take the new exam without additional study?

 
A:

(ISC)² exams are experience-based and include questions that cannot be learned by studying alone. If you already have experience in the domains covered in CAP and believe that you have sufficiently studied those domains, you should feel confident that you are qualified to take the new exam and pass it. (ISC)² cannot guarantee you will pass the exam.

Q:

Do these updates affect the experience requirement for the CAP?

 
A:

No. For the CAP, a candidate is required to have a minimum of two years of cumulative work experience in one or more of the seven domains of the CAP CBK.

Q:

What impact do these changes have on (ISC)² training materials?

 
A:

The Official (ISC)² CAP Training Course will be available on October 15, 2018.
